mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 21:37:22 +00:00
Merge branch 'main' into pm-20250225-start
This commit is contained in:
Paolo Matarazzo
GitHub
commit
97b3a77e00
@ -2,7 +2,7 @@
|
||||
title: Use Set up School PCs app
|
||||
description: Learn how to use the Set up School PCs app and apply the provisioning package.
|
||||
ms.topic: how-to
|
||||
ms.date: 07/09/2024
|
||||
ms.date: 02/25/2025
|
||||
appliesto:
|
||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
|
||||
- ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Assigned Access policy settings
|
||||
description: Learn about the policy settings enforced on a device configured with Assigned Access.
|
||||
ms.topic: reference
|
||||
ms.date: 10/31/2024
|
||||
ms.date: 02/25/2025
|
||||
---
|
||||
|
||||
# Assigned Access policy settings
|
||||
@ -20,6 +20,7 @@ The following policy settings are applied at the device level when you deploy a
|
||||
|
||||
| Type | Path | Name/Description |
|
||||
|---------|----------------------------------------------------------------------------|---------------------------------------------------------------------------|
|
||||
| **CSP** | `./Vendor/MSFT/Policy/Config/Settings/AllowOnlineTips` | Allow Online Tips |
|
||||
| **CSP** | `./Vendor/MSFT/Policy/Config/Experience/AllowCortana` | Disable Cortana |
|
||||
| **CSP** | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderDocuments` | Disable Start documents icon |
|
||||
| **CSP** | `./Vendor/MSFT/Policy/Config/Start/AllowPinnedFolderDownloads` | Disable Start downloads icon |
|
||||
@ -45,8 +46,9 @@ The following policy settings are applied to targeted user accounts when you dep
|
||||
|---------|----------------------------------------------------------------------------------|-------------------------------------------------------------------|
|
||||
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/DisableContextMenus` | Disable Context Menu for Start menu apps |
|
||||
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/HidePeopleBar` | Hide People Bar from appearing on taskbar |
|
||||
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/HideRecentlyAddedApps` | Hide recently added apps from appearing on the Start menu |
|
||||
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/HideRecentJumplists` | Hide recent jumplists from appearing on the Start menu/taskbar |
|
||||
| **CSP** | `./User/Vendor/MSFT/Policy/Config/Start/HideRecentlyAddedApps` | Hide recently added apps from appearing on the Start menu |
|
||||
| **CSP** | User Configuration\Administrative Templates\Windows Components\Windows Copilot | Turn off Windows Copilot |
|
||||
| **GPO** | User Configuration\Administrative Templates\Desktop | Hide and disable all items on the desktop |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Clear history of recently opened documents on exit |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Disable showing balloon notifications as toasts |
|
||||
@ -54,7 +56,7 @@ The following policy settings are applied to targeted user accounts when you dep
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Do not allow pinning programs to the Taskbar |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Do not display or track items in Jump Lists from remote locations |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Hide and disable all items on the desktop |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Hide the Task View button |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Hide the TaskView button |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Lock all taskbar settings |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Lock the Taskbar |
|
||||
| **GPO** | User Configuration\Administrative Templates\Start Menu and Taskbar | Prevent users from adding or removing toolbars |
|
||||
@ -81,6 +83,7 @@ The following policy settings are applied to targeted user accounts when you dep
|
||||
| **GPO** | User Configuration\Administrative Templates\Windows Components\File Explorer | Remove *Map network drive* and *Disconnect Network Drive* |
|
||||
| **GPO** | User Configuration\Administrative Templates\Windows Components\File Explorer | Remove File Explorer's default context menu |
|
||||
| **GPO** | User Configuration\Administrative Templates\Windows Components\Windows Copilot | Turn off Windows Copilot |
|
||||
| **GPO** | User Configuration\Administrative Templates\WindowsComponents\File Explorer | Prevent access to drives from My Computer |
|
||||
|
||||
The following policy settings are applied to the kiosk account when you configure a kiosk experience with Microsoft Edge:
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Start policy settings
|
||||
description: Learn about the policy settings to configure the Windows Start menu.
|
||||
ms.topic: reference
|
||||
ms.date: 07/10/2024
|
||||
ms.date: 02/25/2025
|
||||
appliesto:
|
||||
zone_pivot_groups: windows-versions-11-10
|
||||
---
|
||||
|
||||
@ -0,0 +1,23 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
### Show notification bell icon
|
||||
|
||||
This policy setting allows you to show the notification bell icon in the system tray:
|
||||
|
||||
- If you enable this policy setting, the notification icon is always displayed
|
||||
- If you disable or don't configure this policy setting, the notification icon is only displayed when there's a special status (for example, when *do not disturb* is turned on)
|
||||
|
||||
> [!NOTE]
|
||||
> A reboot is required for this policy setting to take effect.
|
||||
|
||||
| | Path |
|
||||
|--|--|
|
||||
| **CSP** |- `./User/Vendor/MSFT/Policy/Config/Start/`[AlwaysShowNotificationIcon](/windows/client-management/mdm/policy-csp-start#AlwaysShowNotificationIcon) |
|
||||
| **GPO** |- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
|
||||
|
||||
<!-- not linked yet as it's in Insider>
|
||||
@ -0,0 +1,22 @@
|
||||
---
|
||||
author: paolomatarazzo
|
||||
ms.author: paoloma
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: include
|
||||
---
|
||||
|
||||
### Turn off abbreviated time and date format
|
||||
|
||||
This policy setting allows you to show the longer time and date format in the system tray:
|
||||
|
||||
- If you enable this policy setting, the time format will include the AM/PM time marker and the date will include the year.
|
||||
|
||||
> [!NOTE]
|
||||
> A reboot is required for this policy setting to take effect.
|
||||
|
||||
| | Path |
|
||||
|--|--|
|
||||
| **CSP** |- `./User/Vendor/MSFT/Policy/Config/Start/`[TurnOffAbbreviatedDateTimeFormat](/windows/client-management/mdm/policy-csp-start#TurnOffAbbreviatedDateTimeFormat) |
|
||||
| **GPO** |- **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** |
|
||||
|
||||
<!-- not linked yet as it's in Insider>
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/20/2024
|
||||
ms.date: 02/25/2025
|
||||
title: Additional mitigations
|
||||
description: Learn how to improve the security of your domain environment with additional mitigations for Credential Guard and sample code.
|
||||
ms.topic: reference
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/20/2024
|
||||
ms.date: 02/25/2025
|
||||
title: Configure Credential Guard
|
||||
description: Learn how to configure Credential Guard using MDM, Group Policy, or the registry.
|
||||
ms.topic: how-to
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/20/2024
|
||||
ms.date: 02/25/2025
|
||||
title: Considerations and known issues when using Credential Guard
|
||||
description: Considerations, recommendations, and known issues when using Credential Guard.
|
||||
ms.topic: troubleshooting
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/20/2024
|
||||
ms.date: 02/25/2025
|
||||
title: How Credential Guard works
|
||||
description: Learn how Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them.
|
||||
ms.topic: concept-article
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/20/2024
|
||||
ms.date: 02/25/2025
|
||||
title: Credential Guard overview
|
||||
description: Learn about Credential Guard and how it isolates secrets so that only privileged system software can access them.
|
||||
ms.topic: overview
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Hello for Business cloud-only deployment guide
|
||||
description: Learn how to deploy Windows Hello for Business in a cloud-only deployment scenario.
|
||||
ms.date: 11/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure Active Directory Federation Services in a hybrid certificate trust model
|
||||
description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business hybrid certificate trust model.
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure and enroll in Windows Hello for Business in hybrid certificate trust model
|
||||
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid certificate trust scenario.
|
||||
ms.date: 09/26/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure and validate the PKI in a hybrid certificate trust model
|
||||
description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a hybrid certificate trust model.
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Hello for Business hybrid certificate trust deployment guide
|
||||
description: Learn how to deploy Windows Hello for Business in a hybrid certificate trust scenario.
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Hello for Business cloud Kerberos trust deployment guide
|
||||
description: Learn how to deploy Windows Hello for Business in a cloud Kerberos trust scenario.
|
||||
ms.date: 11/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
@ -45,7 +45,7 @@ When Microsoft Entra Kerberos is enabled in an Active Directory domain, an *Azur
|
||||
- Is only used by Microsoft Entra ID to generate TGTs for the Active Directory domain
|
||||
|
||||
> [!NOTE]
|
||||
> Similar rules and restrictions used for RODCs apply to the AzureADKerberos computer object. For example, users that are direct or indirect members of priviliged built-in security groups won't be able to use cloud Kerberos trust.
|
||||
> Similar rules and restrictions used for RODCs apply to the AzureADKerberos computer object. For example, users that are direct or indirect members of privileged built-in security groups won't be able to use cloud Kerberos trust.
|
||||
|
||||
:::image type="content" source="images/azuread-kerberos-object.png" alt-text="Screenshot of the Active Directory Users and Computers console, showing the computer object representing the Microsoft Entra Kerberos server." lightbox="images/azuread-kerberos-object.png":::
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure and enroll in Windows Hello for Business in a hybrid key trust model
|
||||
description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid key trust scenario.
|
||||
ms.date: 11/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Hello for Business hybrid key trust deployment guide
|
||||
description: Learn how to deploy Windows Hello for Business in a hybrid key trust scenario.
|
||||
ms.date: 11/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Plan a Windows Hello for Business Deployment
|
||||
description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure.
|
||||
ms.date: 10/30/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: concept-article
|
||||
---
|
||||
|
||||
@ -251,7 +251,7 @@ Here are some considerations regarding licensing requirements for cloud services
|
||||
|
||||
### Windows requirements
|
||||
|
||||
All supported Windows versions can be used with Windows Hello for Business. However, cloud Kerberos trust requires minimum versions:
|
||||
All supported Windows (client) versions can be used with Windows Hello for Business. However, cloud Kerberos trust requires minimum versions:
|
||||
|
||||
|| Deployment model | Trust type | Windows version|
|
||||
|--|--|--|--|
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure Active Directory Federation Services in an on-premises certificate trust model
|
||||
description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business on-premises certificate trust model.
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
title: Configure Windows Hello for Business Policy settings in an on-premises certificate trust
|
||||
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises certificate trust scenario
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Hello for Business on-premises certificate trust deployment guide
|
||||
description: Learn how to deploy Windows Hello for Business in an on-premises, certificate trust scenario.
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Configure Active Directory Federation Services in an on-premises key trust model
|
||||
description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business key trust model.
|
||||
ms.date: 11/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
---
|
||||
ms.date: 06/23/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
title: Configure Windows Hello for Business Policy settings in an on-premises key trust
|
||||
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises key trust scenario
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Windows Hello for Business on-premises key trust deployment guide
|
||||
description: Learn how to deploy Windows Hello for Business in an on-premises, key trust scenario.
|
||||
ms.date: 06/24/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: tutorial
|
||||
---
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Prepare users to provision and use Windows Hello for Business
|
||||
description: Learn how to prepare users to enroll and to use Windows Hello for Business.
|
||||
ms.date: 11/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: end-user-help
|
||||
---
|
||||
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
title: Configure S/MIME For Windows
|
||||
description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them. Learn how to configure S/MIME for Windows.
|
||||
ms.topic: how-to
|
||||
ms.date: 12/02/2024
|
||||
ms.date: 02/25/2025
|
||||
---
|
||||
|
||||
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
---
|
||||
title: Encrypted hard drives
|
||||
description: Learn how encrypted hard drives use the rapid encryption that is provided by BitLocker to enhance data security and management.
|
||||
ms.date: 07/22/2024
|
||||
ms.date: 02/25/2025
|
||||
ms.topic: concept-article
|
||||
---
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user